diff --git a/oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch b/oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch deleted file mode 100644 index 981cad0..0000000 --- a/oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 50a8a8806059647a3e446fd129995af61ec54867 Mon Sep 17 00:00:00 2001 -From: Ingo Franzki -Date: Tue, 3 Dec 2019 14:58:26 +0100 -Subject: [PATCH] EP11: Fix EC-uncompress buffer length - -Function ec_uncompress_public_key() expects the size of the output -buffer in out_pubkey to be specified in the out_len parameter. -However, variable pubkey_len is uninitialized when calling -ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL -dependent on the value of pubkey_len. -Fix this by setting pubkey_len to the size of the public key buffer -allocated above. - -Signed-off-by: Ingo Franzki ---- - usr/lib/ep11_stdll/ep11_specific.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c -index 38b6708f..10dfe4e0 100644 ---- a/usr/lib/ep11_stdll/ep11_specific.c -+++ b/usr/lib/ep11_stdll/ep11_specific.c -@@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess, - rc = get_ecsiglen(ec_key_obj, &privkey_len); - if (rc != CKR_OK) - goto import_EC_key_end; -- privkey_len /= 2; /* Public key is half the size of an EC signature */ -+ privkey_len /= 2; /* private key is half the size of an EC signature */ - -- pubkey = (CK_BYTE *)malloc(1 + 2 * privkey_len); -+ pubkey_len = 1 + 2 * privkey_len; -+ pubkey = (CK_BYTE *)malloc(pubkey_len); - if (pubkey == NULL) { - rc = CKR_HOST_MEMORY; - goto import_EC_key_end; --- -2.13.7 - diff --git a/openCryptoki-3.12.1.tar.gz b/openCryptoki-3.12.1.tar.gz deleted file mode 100644 index 90a1ff3..0000000 --- a/openCryptoki-3.12.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a55b4f64a7df220df6b3041a34b4ed03a0852b2fa6bddf542a5876020853d7f1 -size 974180 diff --git a/openCryptoki-3.15.0.tar.gz b/openCryptoki-3.15.0.tar.gz new file mode 100644 index 0000000..3aaae14 --- /dev/null +++ b/openCryptoki-3.15.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8404b8b4d56904065ff232d2ead95c5451b2078eaaec64f0ae0c47118d762000 +size 1145768 diff --git a/openCryptoki.changes b/openCryptoki.changes index b7ec869..42f5903 100644 --- a/openCryptoki.changes +++ b/openCryptoki.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Oct 21 22:28:16 UTC 2020 - Mark Post + +- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666, + jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714 + jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) + * openCryptoki 3.15.0 + - common: conform to PKCS 11 3.0 Baseline Provider profile + - Introduce new vendor defined interface named "Vendor IBM" + - Support C_IBM_ReencryptSingle via "Vendor IBM" interface + - CCA: support key wrapping + - SOFT: support ECC + - p11sak tool: add remove-key command + - Bug fixes + * openCryptoki 3.14.0 + - EP11: Dilitium support stage 2 + - Common: Rework on process and thread locking + - Common: Rework on btree and object locking + - ICSF: minor fixes + - TPM, ICA, ICSF: support multiple token instances + - new tool p11sak + * openCryptoki 3.13.0 + - EP11: Dilithium support + - EP11: EdDSA support + - EP11: support RSA-OAEP with non-SHA1 hash and MGF +- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch + ------------------------------------------------------------------- Mon Jan 6 19:25:16 UTC 2020 - Mark Post diff --git a/openCryptoki.spec b/openCryptoki.spec index 013f81b..d8cdb64 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -1,7 +1,7 @@ # # spec file for package openCryptoki # -# Copyright (c) 2018-2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018-2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %define oc_cvs_tag opencryptoki Name: openCryptoki -Version: 3.12.1 +Version: 3.15.0 Release: 0 Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: CPL-1.0 @@ -39,7 +39,6 @@ Source3: openCryptoki-rpmlintrc # Patch 1 is needed because group pkcs11 doesn't exist in the build environment # and because we don't want(?) various file and directory permissions to be 0700. Patch1: ocki-3.11-remove-make-install-chgrp.patch -Patch2: oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch BuildRequires: bison BuildRequires: dos2unix BuildRequires: flex @@ -129,7 +128,6 @@ Cryptographic Accelerator (FC 4960 on pSeries). %prep %setup -q -n %{oc_cvs_tag}-%{version} %patch1 -p1 -%patch2 -p1 cp %{SOURCE2} . @@ -235,6 +233,7 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A %config %{_sysconfdir}/opencryptoki/ep11tok.conf %{_sbindir}/pkcsep11_migrate %endif +%{_sbindir}/p11sak %{_unitdir}/pkcsslotd.service %{_tmpfilesdir}/opencryptoki.conf %{_sbindir}/rcpkcsslotd @@ -246,6 +245,7 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A %{_sbindir}/pkcsslotd %{_sbindir}/pkcsconf %{_sbindir}/pkcsicsf +%{_sbindir}/pkcstok_migrate %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll # State and lock directories